Cve20207796 Zimbra Collaboration Suite Full [portable] May 2026

This results in the Zimbra server downloading and executing a reverse shell script.

vulnerability. It occurs due to insufficient validation of user-supplied URLs within specific components of the Zimbra application. Specifically, this vulnerability is triggered when the WebEx zimlet is installed and the zimlet JSP is enabled. How the Vulnerability Works cve20207796 zimbra collaboration suite full

While 2020 saw several high-profile vulnerabilities in Zimbra (notably CVE-2020-27988 and CVE-2020-28016), one flaw stands out for its severity and the chilling simplicity of its exploitation: . This vulnerability, rated Critical (CVSS 9.8) , allows an unauthenticated attacker to achieve full Remote Code Execution (RCE) on the underlying Zimbra server, leading to complete compromise of the email infrastructure. This results in the Zimbra server downloading and